笨狼發牢騷
發發牢騷,解解悶,消消愁
正文
我每天吃2兩斤芹菜,最近覺得芹菜漲價,感到不爽,但不知道為什麽,剛發現原來芹菜成了大熱門:
Cybereason Chief Executive Lior Div
中國得拿出實際行動,才能讓人信服。習近平在20強年會最大的收獲,也許是跟安倍套套近乎,跟莫迪講哥們。
Wellness gurus have extolled its benefits, but there’s no science that supports their claims
為什麽火?
Anthony William, a guru who receives his health advice from a source he calls the “Spirit of Compassion,” advises readers to drink 16 ounces of organic celery juice each morning on an empty stomach
In New York City, juice is a hallowed symbol of status
♦♦♦
有人說美國的中東政策由以(色列)沙(特)代管,其伊朗政策和巴勒斯坦方案(就已經知道的美國巴勒斯坦解決方案來看,那是真狠啊,《紐約書評》The Neocolonial Arrogance of the Kushner Plan)是兩個最大的亮點,相比之下,也門的殘酷局麵反成了小菜一碟,公子哥當政是一個原因:
(前)外長成了仆人,新外長處處逼伊朗出手,雖說總統得兜著(川普如何東西各施妙計陷自己於困境),全世界都沒轍,中國號稱伊朗盟友,中國國企第一個撤下來,大概華為孟晚舟把大家嚇壞了,反觀中國隻能在美元這個世界貨幣和結算係統(SWIFT)內運作,整個挨打,嘴還硬,但一點招數都沒有(《南華早報》Why China is set to support Iran at the Osaka G20 summit – but subtly)。為什麽中國沒有完全不在美國做生意的國企,專門攬伊朗朝鮮的生意(《華郵 Chinese bank involved in probe on North Korean sanctions and money laundering faces financial ‘death penalty’ , 《合眾社》China criticizes possible US penalties against banks )?伊朗石油還中國生活用品,簡單物換物(barter),連美元都不需要。
原因很簡單。4年前評論伊核談判之際, 美伊核談達成協議,曆史新的一章,我就說“ 如果誰學到了整套過程,就是外交部長的人選。王毅要是沒派個大團去,就是沒腦子了”。 看來中國是隻看紅,有沒有腦子無關緊要。這結果,才造成中美談判中方累累出錯,《南華早報》(Are China’s trade negotiators being hampered by poor communication, inexperience?)近日說起國內終於有人出來說劉鶴對整個談判處理欠佳,這點我一個半月前就說了, 都是劉鶴的錯 。
當然對美國製裁伊朗沒轍,不僅僅是中國如此,歐洲也是如此,歐洲對美國此舉是耿耿於懷,想方設法找個發自繞過美元結算係統,去年想了個辦法,叫特殊貿易機製(The Instrument in Support of Trade Exchanges,簡稱INSTEX),屬於“Special Purpose Vehicle (SPV)“。歐洲大部分國家不敢沾邊,最後三大頭(德英法)咬咬牙,三家聯手,總部在法國,德國當主管,大家有禍一鍋端。可是這玩意折騰了一年都不見蹤影,最後伊朗內憂外困,實在撐不住了,威脅說要提煉鈾了,它才勉強出局《德國之聲》INSTEX: Europe sets up transactions channel with Iran)。這一機製對美國意想不到的在國際關係和國際金融方麵的影響,參見:INSTEX: A Blow to U.S. Sanctions?。
中國目前的態度是觀望,如果行得通就利用一把。這又是短視,這機製看上去沒什麽用,但這是開辟美元結算之外的體係的良機,別隻想著中國自己主導什麽的,與歐洲聯手把這個機製坐大,有無窮的好處,即可利用,也可以和歐洲聯盟,還可以學一招。
♦♦♦
下一條,以色列網安公司Cybereason派出高管揭露“某黑客集團”攻占十個西方通信公司,不僅盜竊商務資料,還盜竊技術產權。
Cybereason Chief Executive Lior Div
很多鮮料,但故事多少以前透漏過。繼承西方媒體進來的傳統,一個私企或政府把一大堆材料攤到媒體前,媒體不假思索當作事實報道,雖然Cybereason說跡象是說中國是幕後,但沒有實實在在的證據,但媒體報道給人的感覺自然是中國了。我說中國嫌疑大,不過大並非證實,誰知道背後有多少大家不知道的料?
最招人的,是美國大媒體一塊兒抄發一遍。
《合眾社》Report: Hackers using telecoms like ‘global spy system’
Attack targeted 20 people believed to have ties to China across Asia, Europe, Africa and Middle East, according to a cybersecurity firm report
♦♦♦
最後20強年會。
昨天中美雙方的結果是世界共識,沒法猜,所以覺得事前沒啥好說的。會前大家各有手腳,中國透漏了“底線”(《華爾街日報》China to Insist U.S. Lifts Huawei Ban as Part of Trade Truce),無疑淳樸(美國總統Donald Trump,人稱特朗普或川普)急些
(《華郵》At G-20 summit, Trump and Xi try to reach a deal without giving away too much:“The administration has been desperate for these talks for weeks. It’s been painful to watch”),但淳樸說願談華為的時候( 《華爾街日報》Trump Says He Is Set to Discuss Huawei With Xi ),我當時就記得淳樸的話不能當真,也不能當假,中國不變應萬變未必是妙招,但卻是迫不得已情況下唯一的應對。
《商業有線電視CNBC》Trump says he agreed with Xi to hold off on new tariffs and to let Huawei buy US products
President tweets Xi meeting was ‘far better’ than expected
暫時不對華為禁運是個空頭許諾,是否真的還得等“有關部門研討”,因為這隨時可以翻臉,跟目前的延期三個月沒啥區別,甚至更糟。這大豆換華為完全是大家不願當眾翻臉的妥協。不過淳樸推言“China has agreed that, during the negotiation, they will begin purchasing large amounts of agricultural product from our great Farmers”也說明他的痛處,美國農民很慘。我在中西部,今年草坪是多年來最綠的,不是我勤快,而是雨水多,農田被淹過半,產品還賣不出去,進退兩難。中國的愛國情緒還高漲:
看來中國還沒出籠的反關稅單據也不用了,以前清單叫得凶,但遲遲不見影子,連聯邦快遞都獻媚(告美國政府)了,也不好意思打了吧?我原來有個想法,就是那稀土跟華為做交換,當然不僅僅是華為,是所有實體清單禁運,這很難,因為美國不會接受,但那是為什麽 要拿稀土來交換的原因。不過後來意識到淳樸連稀土是什麽都不知道,覺得這沒戲。不過新稀土政策還是會很快出籠,肯定會對全世界有影響,但至於是否成為武器,就看下一輪談判了。
習近平一年多前在達沃斯維護世貿的豪言讓全世界耳目一新,但雖然他在多次重複中國的這一許諾,大家後來都覺得那隻是空言,信不過
【附錄】
《華爾街日報》Global Telecom Carriers Attacked by Suspected Chinese Hackers
Attack targeted 20 people believed to have ties to China across Asia, Europe, Africa and Middle East, according to a cybersecurity firm report
The cyberoffensive casts a spotlight back on a Chinese group called APT 10. U.S. federal prosecutors charged two Chinese nationals in December for alleged work tied to APT 10 targeting U.S. businesses and government agencies
By Timothy W. Martin and Eva Dou
Updated June 24, 2019 10:02 pm ET
Hackers believed to be backed by China’s government have infiltrated the cellular networks of at least 10 global carriers, swiping users’ whereabouts, text-messaging records and call logs, according to a new report, amid growing scrutiny of Beijing’s cyberoffensives.
The multiyear campaign, which is continuing, targeted 20 military officials, dissidents, spies and law enforcement—all believed to be tied to China—and spanned Asia, Europe, Africa and the Middle East, says Cybereason Inc., a Boston-based cybersecurity firm that first identified the attacks. The tracked activity in the report occurred in 2018.
The cyberoffensive casts a spotlight on a Chinese group called APT 10; two of its alleged members were indicted by the U.S. Department of Justice in December for broad-ranging hacks against Western businesses and government agencies. Cybereason said the digital fingerprints left in the telecom hacks pointed to APT 10 or a threat actor sharing its methods.
“We never heard of this kind of mass-scale espionage ability to track any person across different countries,” said Cybereason Chief Executive Lior Div.
Mr. Div gave a weekend, in-person briefing about the hack to more than two dozen other global carriers. For the firms affected, the response has been disbelief and anger, he said.
The Wall Street Journal was unable to independently confirm the report. Cybereason, which is run by former Israeli counterintelligence members, declined to name the individuals or the telecom firms targeted, citing privacy concerns.
China has consistently denied perpetrating cyberattacks, calling itself a victim of hacks by the U.S. and other countries. China’s Foreign Ministry didn’t respond to a faxed request to comment. The Ministry of State Security wasn’t reachable for comment.
The identities of the 20 individuals allegedly targeted by China couldn’t be learned. The country often tracks overseas political dissidents and other persons of interest digitally and in person, according to cybersecurity experts and human-rights activists.
The hacking campaign—which Cybereason calls “Operation Soft Cell”—represents one of the most far-reaching recent offenses against a telecom industry under pressure, Mr. Div said. Around three of every 10 global carriers have had sensitive information stolen from hacking attacks, according to a 2018 report by EfficientIP, a Philadelphia-based cybersecurity firm.
Operation Soft Cell gave hackers access to the carriers’ entire active directory, an exposure of hundreds of millions of users, Cybereason said. The hackers created high-privileged accounts that allowed them to roam through the telecoms’ systems, appearing as if they were employees.
The work of nation-state groups like APT 10 tends to be covert and focus on gathering intelligence—a contrast with organized crime rings that shut down websites or pilfer networks seeking monetizable assets, such as bank accounts or credit-card data.
“Nation-state groups are no doubt the top of the food chain,” said Larry Lunetta, a vice president of security solutions marketing at Aruba, a part of Hewlett Packard Enterprise Co. “The behaviors they exhibit generally would never have been seen before or may not look different to normal activity.”
Cybereason Chief Executive Lior Div
The rollout of next-generation 5G networks globally has stoked national-security fears that the new technology could be vulnerable to hacking. Operation Soft Cell largely unfolded on existing 4G LTE networks, though the incident reveals fresh vulnerabilities.
The campaign used APT 10-linked procedures and techniques, including a web shell used to steal credentials and a remote-access tool, said Amit Serper, Cybereason’s head of security research.
Cybereason said it couldn’t be ruled out that a non-Chinese actor mirrored the attacks to appear as if it were APT 10, as part of a misdirection. But the servers, domains and internet-protocol addresses came from China, Hong Kong or Taiwan, Mr. Div said. “All the indications are directed to China,” he said.
The APT 10 group, also known as cloudhopper, is believed by cybersecurity experts to be backed by China’s government based on its history of going after data that is strategic and not immediately monetizable. The group has been less visibly active this year following the Justice Department indictments, though is likely still around, said Ben Read, senior manager of cyber espionage analysis at FireEye Intelligence.
“They’re one of the most active China groups we track,” Mr. Read said.
China-based hackers have consistently targeted U.S. businesses over the years, although the frequency of attacks declined after a 2015 cease-fire on economic espionage signed by President Obama and President Xi Jinping.
Other countries, including Australia, Japan and the United Kingdom, have accused China of attempting to hack their government agencies and local companies.
Cybereason says Operation Soft Cell didn’t involve real-time snooping, meaning hackers weren’t listening in on calls or reading text messages.
Instead, the hackers obtained all-data records that reveal where individuals go and whom they contact —invaluable information for foreign intelligence agencies eager to learn a person’s daily commute or their confidantes.
“They owned the entire network,” Mr. Serper said.
With precise movements, the hackers breached telecom companies’ networks through traditional spear phishing emails and other tactics, Cybreason says.
Once inside, the hackers stole login credentials, identifying computers or accounts with access to the servers containing the call-data records. They cloaked themselves even more by creating admin accounts and covering their digital tracks with virtual private networks, or VPNs, which made the behavior appear as if it had come from legitimate employees.
Cybereason discovered the hacks by sniffing out unusual network traffic between a computer and the call-data record databases. The researchers detected activity dating as far back as 2012.
Some telecom firms have alerted users of the breach, per local regulations, though it is unclear if all of them have, Mr. Div said.
評論
目前還沒有任何評論
登錄後才可評論.
